Recover Login Details
Strategic discovery and proposal to improve ANZ’s credential recovery experience
Project status: Product backlog
Role: Product Design Lead
Team: Product Manager
Platforms: iOS, Android, Web
At ANZ, 40,000 customers recover their login details every month. 40% abandon the process before completing it. I led a strategic discovery and designed two paths forward: prevent the need for recovery, or make recovery seamless when it's unavoidable.
At a glance
40,000
Password resets monthly
40%
Abandon rate
My role
I partnered with the product manager to build a data-backed case and pitch the initiative to leadership. Over six months, I led market research, adoption mapping, and designed both directions end-to-end across web and native app.
How it started
After shipping Internet Banking Login, the adjacent recovery experience looked disjointed. It hadn't been updated in years.
I reached out to the Product Manager to understand how the flow was performing. The PM shared the 40% abandon rate. Contact centre data confirmed reset password remained a high-volume enquiry type.
This flow isn’t isolated. Any experience that requires the Internet Banking login connects to it: app registration, reset app PIN, and log in & prefill online applications.
I saw that this may be more than a UI fix and decided to look deeper.
Why does the flow fail our customers?
The flow requires customers to enter their card number and card PIN to proceed. The dropout happened at this step.
70% of failures came down to system design. Customers either didn't have their card on them, forgot their PIN, or didn't trust entering their card details. Within these failures, almost 1 in 3 are card-related.
Customer Abandon Reasons
Research insights
I gathered three insights on consumer card usage from market research, customer complaints, competitive analysis and reports from the Australian Payments Network and the Reserve Bank of Australia.
The card problem will worsen over time if we don’t change
ATM withdrawals are declining and digital wallet usage is rising. Customers are leaving cards at home and forgetting PINs. Requiring card and PIN for password reset is moving against consumer behaviour.
Additionally, complaints data shows customers are not comfortable entering their card details and PIN online and consider it “not safe”.
We’re falling behind in terms of a flexible recovery experience
Other institutions have opted for:
Separate recover user ID and reset password flows. Once customers can retrieve their user ID, the password reset experience is more flexible.
Using personally identifiable information (PII) to recover login details.
Internally, we’re not yet leveraging PII in the password flow, although we already verify it in assisted channels.
Customers already expect better authentication
Customers struggle to remember their login details. Internal research shows up to 33% of customers don’t remember them, especially customers who primarily bank on the app.
Since the data breach events, customers have been requesting additional authentication methods such as two-factor authentication (2FA) and app PIN login. This also aligns with the Identity team’s long-term strategy to move to passwordless authentication.
Proposed directions
I proposed two directions: a strategic direction that will help eliminate customers’ need to go through the flow in the first place and strengthen our security offering, and a tactical one to provide alternatives to the card and PIN requirement.
Direction 1: Prevention with Passwordless Login
What if customers didn't need to recover credentials because they rarely needed them?
When the PM shared that the team was investigating passkey feasibility, I saw the opportunity to visualise what the experience would look like for Internet Banking.
Fallback options
Where passkeys aren't available, I explored alternatives to help customers log in without a password, such as a push notification via the ANZ app, or the ability to set a trusted device once the customer has successfully authenticated.
Adoption Planning
Given passkeys were the preferred direction, I mapped what successful adoption would look like:
Introduction - Making customers aware of the new feature
Transition - A transition period during which we accept both. Customers may be nudged at appropriate entry points (e.g. prompted to set up upon credentials recovery or password change)
Full implementation - Passwords would be phased out
I mapped the adoption journey across all entry points, anticipated traffic to inform prioritisation, and visualised screen flows with potential challenges, so the team was ready for detailed conversations when questions came.
Understanding the effort required, I also proposed a leaner tactical solution to address the abandon rate directly.
Direction 2: Omnichannel Recovery with alternatives
The second direction adds an alternative pathway: verifying with personal details instead of card and PIN. We already verify customers using their personal details in banker channels; the same approach should extend to digital channels.
Security recommendations will determine which combination of information is sufficient for verification.
Experience and architecture
Currently, unauthenticated customers recovering their password from the app are handed off to a web experience, landing in Internet Banking before switching back.
I proposed using the existing cross-platform UI library to deliver a seamless experience across iOS, Android and web without separate builds. This reaches the goal of an omnichannel experience with reduced effort.
Beyond the immediate fix, I mapped how the flow and systems could evolve from their current state to full Identity team ownership.
Outcomes
From the 6-month discovery work, we now have:
A data-backed business case drawn from multiple research sources, with leadership review secured
Two design directions for assessment
Complete screenflows across web and app ready for user testing
Adoption journey for customers
System evolution roadmap to strategic ownership of this complete identity experience
Both directions are now designed, documented and ready for user testing, giving the team two clear paths forward when the opportunity opens.
Potential Impact
Even a 5% reduction in the abandon rate could mean:
3,000
Calls reduced
15,000
Minutes of banker handling time saved